Security dangers of MSN Messenger, Yahoo Messenger, AOL Instant Messenger and ICQ

Security Whitepapers

Beginner Security Articles

Network Security Jobs

Consultants Directory

Exploit Articles

Internet Anonymity

General Security

Encryption Information

E-Mail Security

HTTP Protocol Security

Linux Security

Exploit Discussion

Complete PDF Archive of Security Manuals

In The News General Security Information Exploit & Vulnerability Mailing List Archives Product and Program Reviews GSO Tutorials System Security Windows Systems Beginners Section Linux & Unix Systems Trojan & Virus Errata Networking Security / Firewall / IDS / VPN / Routers System Hardening E-Mail Security Wifi Security Trial Member Uploads Upload discovered Trojans & Mal ware (25 posts) The Cork Board Network Security Consultant Directory Network Security Jobs The Archives Encryption Information General Network Security Internet Anonymity HTTP Protocol Security Linux Security MS IIS Information Exploit Articles Programming / Tool Design GSO Software Projects Public Downloads Microsoft Security Questions and Papers
	Database Security (Common-sense Principles)
	Places that viruses and trojans hide on start up
	Step-by-Step Guide to Using the Security Configuration Tool Set
	Improving the Security of Your Site by Breaking Into it
	Domain Name Robbery
	XDCC - An .EDU Admin's Nightmare
	Database Security
	Database Security
	Is Database Security an Oxymoron?
	Database security: protecting sensitive and critical information
	The database security blanket
	Database security in your Web-enabled apps
	Making Your Network Safe for Databases
	SQL Injection: Modes of Attack, Defence, and Why It Matters
	Database Security in High Risk Environments
	Linksys Router Information (A collection)
	Common Ports
	Protection of the Administrator Account in the Offline SAM
	Windows 2000 Security
	The dangers of ftp conversions on misconfigured systems
	Win98.BlackBat
	AnnaKournikova worm decrypted
	C/C++ made easy with GoGooSE 1.0
	UNIX Bourne Shell Programming
	BATCH ProgramminG
	Assembly for nerds using linux
	THE LATEST IN DENIAL OF SERVICE ATTACKS: "SMURFING"
	The Ingredients to ARP Poison
	Outlook 2002: can't send .exe file with Email
	Windows 9x/Me Security and System Restrictions
	Exploiting The IPC Share
	Local Windows hacking
	Windows Cryptic Error Messages
	Windows NT Registry Tutorial
	catch a macro virus
	Protecting Files with Windows NTXP
	Microsoft Baseline Security Analyzer V1.1
	A Beginners Guide To Wireless Security
	Default Logins and Passwords for Networked Devices
	How To Eliminate The Ten Most Critical Internet Security Threats
	About computer crime
	System Backdoor Information
	System Backdoors Explained
	Introduction to Buffer Overflow
	Donald Pipkin's Security Tips for the Week of December 23rd
	Getting IP data from numerous sources
	Rainbow Series Library [The One The Only]
	Honeypots (Definitions and Value of Honeypots)
	General Attack Descriptions
	Wireless Taping
	CYBERTERRORISM
	Security from a different angle

Security dangers of MSN Messenger, Yahoo Messenger, AOL Instant Messenger and ICQ -20 Feb 2003

Email has revolutionised the way we talk to each other. For many of us, snail mail is a thing of the past. However, the benefits of speedy communications have come at a price. The past few months have seen commercial and home email users assailed with malicious worms and viruses, underlining the dangers of sharing information online. The popularity of email, however, may soon be rivalled by a newer and more nimble online communications system, Instant Messaging (IM). At last count, there were 50 million IM users worldwide. Its exploding popularity threatens to open a range of new security issues - issues that the anti-virus and internet firewall vendors have been slow to address. IM is like email on steroids. Users hold online conversations in real-time, passing typed messages back and forth in a way similar to speaking on a telephone. IM software tells users who is online and provides for conferences between multiple participants. In a corporate setting, this has, in many instances, filled the gap between email and telephones, providing fast collaboration between many people in different parts of the business. Elsewhere, IM has become the latest toy of internet consumers, many of whom are enamoured of its recreational potential but ignorant of its potential dangers.

The increasing popularity of IM over the past two years threatens to take security breaches to a new level. The four most popular IM products in use outside the commercial world - MSN Messenger, Yahoo Messenger, AOL Instant Messenger and ICQ - are all free and all highly vulnerable to security breaches. They allow users to freely transfer potentially virus-ridden files and to conduct unencrypted chat sessions that are a virtual open book to any reasonably knowledgeable hacker. The security vendors, however, appear to have lagged behind the IM popularity curve and this is an issue weighing heavily on the minds of corporate users. Like email, IM enables information to be shared through file transfers, with all its inherent dangers. However, IM goes one step further; it enables peer-to-peer file sharing among members of a messaging group. In other words, all users in an IM club can potentially access the disks of the other members of the group. Thus, the hard disks of unprotected IM users are potentially at the disposal of any would-be hacker during an IM chat session. The latest version of a whitepaper titled Instant Insecurity: Security Issues of Instant Messaging, written by Symantec virus researcher, Neal Hindocha, identifies five main IM security threats - worm viruses, back-door Trojan horses, hijacking and impersonation, denial of service and unauthorised disclosure of information. One major difference between email and IM goes some way towards limiting the appeal of IM to hackers.

Read This ZArticle at InfoSysSec.com